[Dibby053]

>no data can be exfiltrated.

Well, that depends on the other apps you have installed. Unless things have changed in newer versions, apps with no networking can still do IPC, so any app can for example use Cronet to make network requests via Google Play Services, regardless of the toggle, as long as sandboxed Google Play Services has network permission.

[gf000]

Good point and thanks for the heads up.

Mostly asking it as a question, given that graphene runs Google play services (optionally) as a normal, sandboxed service with no special permissions might help a bit, but I guess unless you disable networking for every other service installed, this is sort of impossible to plug 100%? IPC can be quite the security hole.

[lucb1e]

Only if the other services provide a network proxy right? You'd need to find an exploit in the app otherwise.

Edit: although, I just remembered that it's actually as simple as sending "open this URL" intents to the Android equivalent of sensible-browser, which everyone will have installed. That does rely on users not understanding or caring about what's happening or it only works for the first user

[subscribed]

Yep, nothing has changed yet. GOS project still has this in the road map, but as of now Inter Profile Sharing still works.

[ignoramous]

> so any app can for example use Cronet to make network requests via Google Play Services

Cronet? Isn't that Chromium's networking library? How's that letting apps connect via Google Play Services?

[Cider9986]

Agreed.